package org.water.common.shiro;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.water.sys.entity.SysUser;
/**
 * 密码匹配器
 * @author qzy
 *
 */
public class DefaultCredentialsMatcher extends SimpleCredentialsMatcher {

	/**
	 * 密码匹配
	 */
	@Override
	public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
		UsernamePasswordToken userToken = (UsernamePasswordToken) token; 
		Object obj=info.getPrincipals().getPrimaryPrincipal();
		SysUser user=(SysUser) obj;
	    Object accountCredentials = getCredentials(info);  
	    String pwdType =String.valueOf(userToken.getPassword());// 判断一下密码是否是用户输入的，还是JCIS传过来的  
	    Boolean result=false;
	    if(pwdType.length() == 32){ 
	    	result=equals(pwdType, user.getPassword());
	        return result; //密码长度=32位，说明是md5加密过，是从xx传进来的 32位加密。  
	    }   
	    String originPwd=String.valueOf(userToken.getPassword());
	    String salt=userToken.getUsername()+accountCredentials;
	    String pwdUser =ShiroPwdHelper.getEncodePWD(originPwd,salt );//不等于32 是用户输入的密码。 如果用户输入的密码长度位32那么里面会有一个bug 
	    result=equals(pwdUser, user.getPassword());
	    return result;  
	}
}
